CVE-2016-10033
Published: 30 December 2016
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
Notes
| Author | Note |
|---|---|
| ccdm94 | applying the patch to this CVE introduces a new vulnerability, the one related to CVE-2016-10045. Therefore, when patching this CVE, also apply the fix for CVE-2016-10045. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libphp-phpmailer Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(5.2.14+dfsg-2.1)
|
| bionic |
Not vulnerable
(5.2.14+dfsg-2.1)
|
|
| cosmic |
Not vulnerable
(5.2.14+dfsg-2.1)
|
|
| disco |
Not vulnerable
(5.2.14+dfsg-2.1)
|
|
| eoan |
Not vulnerable
(5.2.14+dfsg-2.1)
|
|
| focal |
Not vulnerable
(5.2.14+dfsg-2.1)
|
|
| groovy |
Not vulnerable
(5.2.14+dfsg-2.1)
|
|
| hirsute |
Not vulnerable
(5.2.14+dfsg-2.1)
|
|
| impish |
Not vulnerable
(5.2.14+dfsg-2.1)
|
|
| jammy |
Not vulnerable
(5.2.14+dfsg-2.1)
|
|
| precise |
Ignored
(reached end-of-life)
|
|
| trusty |
Does not exist
(trusty was needed)
|
|
| upstream |
Released
(5.2.14+dfsg-2.1, 5.2.18)
|
|
| xenial |
Released
(5.2.14+dfsg-1ubuntu0.1~esm1)
|
|
| yakkety |
Ignored
(reached end-of-life)
|
|
| zesty |
Not vulnerable
(5.2.14+dfsg-2.1)
|
|
|
Patches: upstream: https://github.com/PHPMailer/PHPMailer/commit/4835657cd639fbd09afd33307cef164edf807cdc |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 9.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033
- https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
- https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
- http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2016/Dec/78
- https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
- https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18
- https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
- https://www.drupal.org/psa-2016-004
- https://www.exploit-db.com/exploits/40968/
- https://www.exploit-db.com/exploits/40970/
- https://ubuntu.com/security/notices/USN-5956-1
- NVD
- Launchpad
- Debian